Privacy Policy

Last updated: May 15, 2026

Tradeloper ("we", "our", "us") is a brand of AdModifier LLC, a Wyoming limited liability company (the data controller) located at 30 N Gould St #40766, Sheridan, WY 82801, USA. This policy explains what personal data we collect, how we use it, and your rights.

1. What Data We Collect

Business owner account data:

• Email address
• Business name, business type, and Google review link
• Business phone number
• Paddle customer/subscription identifiers (no card numbers — our payment provider handles those)

Customer data you add:

• Customer name and phone number
• Record of whether a review request or follow-up SMS was sent
• Date added

Usage data:

• Number of review requests sent and AI posts generated
• Session data (login state, stored in a secure cookie)

2. How We Use Your Data

• To send SMS review requests and follow-up messages to your customers via Twilio
• To generate AI social media post content via Anthropic (Claude)
• To process your subscription payment via Paddle, our payment processor and Merchant of Record
• To send transactional emails (review requests, notifications) via Resend
• To operate, maintain, and improve the Tradeloper platform

When a customer replies to a review-request SMS (anything other than STOP), we forward the reply text and sender phone number to the business owner's email so they can respond. We do NOT store reply contents in our database; the forwarded email is the only retained record.

We do not sell your data or your customers' data to any third party. We never use your customer list for our own marketing.

3. Lawful Basis (GDPR Art. 6)

Where the GDPR applies, we rely on the following lawful bases:

• Contract performance (Art. 6(1)(b)) — account creation, billing, and providing the Tradeloper service to you as a business owner.
• Contract performance / processor role — when you send SMS or email review requests to your own customers, we act as your data processor. The legal basis for contacting those customers is the business owner's own consent obligations under TCPA; Tradeloper processes that data on your behalf.
• Legitimate interests (Art. 6(1)(f)) — anti-fraud measures, security logging, and dispute resolution, where our interest in protecting the platform does not override your rights.
• Consent (Art. 6(1)(a)) — optional marketing emails to account holders. You may withdraw consent at any time by unsubscribing.
• Legal obligation (Art. 6(1)(c)) — retaining records required by tax law, FTC rules, or other applicable regulations.

4. International Transfers (GDPR Chapter V)

All sub-processors listed in section 5 are based in the United States. Where personal data is transferred from the European Economic Area (EEA) or the United Kingdom to the US, we rely on the European Commission's Standard Contractual Clauses (SCCs) as the transfer mechanism under GDPR Chapter V. You may request a copy of the applicable SCCs by emailing hello@tradeloper.com.

5. Sub-processors

The following sub-processors process personal data on our behalf under written DPAs / Standard Contractual Clauses. We share data with them only to the extent necessary to operate Tradeloper:

• Twilio — sends SMS messages to your customers. Customer phone numbers are transmitted to Twilio for this purpose.
• Anthropic — generates AI post content (Claude Haiku 4.5). Your business name, business type, and any review text you paste in are sent to Anthropic to generate relevant content. Anthropic does not train on customer data sent via the API.
• Paddle.com Market Ltd. (London, United Kingdom) — our payment processor and Merchant of Record. Paddle processes all subscription charges, collects and remits applicable taxes (VAT/GST/sales tax), and handles refunds and chargebacks on our behalf. We store a Paddle customer identifier and subscription identifier but never your card details. Paddle's privacy policy: https://www.paddle.com/legal/privacy
• Resend — sends transactional emails. Your email address is shared with Resend for delivery purposes.
• Replit — our hosting provider. The database and application run on Replit infrastructure.

6. SMS and Mobile Information (TCPA)

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Mobile phone numbers and SMS consent data collected by our business customers from their own customers are used solely to send SMS review requests on behalf of the business customer who collected them. We do not sell, rent, or share this data with any third party for marketing or promotional reasons. The opt-in data collected as part of the SMS consent process is not shared with any third party for any purpose other than message delivery.

You are responsible for ensuring that every customer you add to Tradeloper has given consent to receive SMS messages from your business. By adding a customer's phone number, you confirm that consent has been obtained. Tradeloper includes an opt-out mechanism ("Reply STOP to unsubscribe") in every SMS message as required by law.

Connected Accounts — Google Business Profile & Facebook

When you connect your Google Business Profile or Facebook Page to Tradeloper, we access them only to (a) read your reviews and recommendations so you can view and respond to them, and (b) publish posts that you create and approve to your own Profile or Page. We store the access tokens encrypted and use them solely for these purposes. We never sell this information or share it with third parties for marketing or promotional purposes. You can disconnect at any time from Settings, which revokes our access and deletes the stored tokens, or email hello@tradeloper.com to request deletion of any stored data.

7. Email Compliance (CAN-SPAM)

Every marketing or review request email sent through Tradeloper includes an unsubscribe mechanism and your business contact information, as required by the CAN-SPAM Act. Opt-out requests are honoured within 10 business days.

8. Data Retention

We retain your account data and customer records for as long as your account is active. If you cancel your subscription and request deletion, we will delete your account and all associated customer data within 30 days. SMS consent records are retained for 4 years as required by TCPA. Google review text and reviewer names fetched via our daily tracking are automatically purged after 12 months of inactivity.

8A. Cookies and Analytics

We use strictly necessary cookies to keep you signed in and to protect against cross-site request forgery. These are essential to the service and cannot be turned off.

We also use Google Analytics to understand which pages help visitors and how the site performs. Analytics is configured to respect your privacy: advertising and data-sharing signals are disabled, IP addresses are anonymized, and we do not sell or share your information with third parties for marketing or promotional purposes. We honor your browser’s “Do Not Track” setting, and a one-time notice on your first visit lets you opt out of analytics entirely — your choice is remembered on your device. You can change your mind anytime by clearing your browser storage for this site, and you may also use browser controls or extensions to block analytics.

9. Your Rights

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your account and data
• Export your customer list

To exercise any of these rights, email us at hello@tradeloper.com.

9A. U.S. State Privacy Rights (CCPA/CPRA & other state laws)

If you are a resident of California or another U.S. state with a comprehensive privacy law, you have the following rights regarding the personal information we hold about you:

• Right to know — request the categories and specific pieces of personal information we have collected about you, and how we use and share it.
• Right to delete — request deletion of personal information we have collected, subject to legal exceptions.
• Right to correct — request correction of inaccurate personal information.
• Right to opt out of sale or sharing — we do not sell or share your personal information, and we do not use it for cross-context behavioral advertising. There is therefore nothing to opt out of, but you may confirm this with us at any time.
• Right to non-discrimination — we will not discriminate against you for exercising any of these rights.

These rights are provided under the California Consumer Privacy Act as amended by the CPRA, and we extend equivalent rights to residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other U.S. states with applicable privacy laws. To exercise any of these rights, email hello@tradeloper.com. We will respond within 45 days (extendable once by an additional 45 days where permitted, with notice). You may use an authorised agent to submit a request on your behalf.

10. Security

Passwords are hashed using bcrypt. Sessions are protected with sameSite and httpOnly cookie flags. File uploads are validated for MIME type. We follow OWASP security practices throughout the application.

Breach notification. If we become aware of a personal-data breach that creates a likely risk to your rights, we will notify affected users without undue delay and, where feasible, within 72 hours of discovery, and report to the relevant supervisory authority or state regulator where required by law.

11. Children's Privacy

Tradeloper is a business tool intended for adults. We do not knowingly collect data from anyone under the age of 18.

12. Changes to This Policy

If we make material changes to this policy, we will notify you by email and update the "Last updated" date above.

13. Contact

Questions about this policy? Email us at hello@tradeloper.com, or write to us at:

AdModifier LLC d/b/a Tradeloper
30 N Gould St #40766
Sheridan, WY 82801
USA